<?php
session_start(); 

$user1 = $_POST['user'];
$password = md5($_POST['pass']);

require "db_connection.php";
$q=mysql_query("SELECT
				`user`.user_id,
				`user`.user,
				`user`.account_type
				FROM
				`user`
				WHERE
				TRIM(`user`.`password`) = '$password' AND
				TRIM(`user`.`user`) = '$user1'	");		
				
$rowCount = mysql_num_rows($q);	
			
	if($rowCount!=0){
		while($row = mysql_fetch_array($q)){
			$_SESSION['id_no'] = $row['user_id'];
			$_SESSION['user'] = $row['user'];
			$_SESSION['account_type'] = $row['account_type'];
			Header("Location: ../panel.php");
		}	
	}
	else{	session_unset();
			session_destroy();
			Header("Location: ../index.php");}
	
	
mysql_close($con);
?>
